toot: wip
diff --git a/app/toot/prod.jsonnet b/app/toot/prod.jsonnet
new file mode 100644
index 0000000..e30247b
--- /dev/null
+++ b/app/toot/prod.jsonnet
@@ -0,0 +1,35 @@
+# toot.hackerspace.pl, a Mastodon instance.
+# This needs a secret provisioned, create with:
+# kubectl -n toot create secret generic mastodon --from-literal=postgres_password=$(pwgen 24 1)
+
+local kube = import "../../kube/kube.libsonnet";
+local postgres = import "../../kube/postgres.libsonnet";
+
+{
+ local app = self,
+ local cfg = app.cfg,
+ cfg:: {
+ namespace: "toot",
+ },
+
+ metadata(component):: {
+ namespace: app.cfg.namespace,
+ labels: {
+ "app.kubernetes.io/name": "toot",
+ "app.kubernetes.io/managed-by": "kubecfg",
+ "app.kubernetes.io/component": component,
+ },
+ },
+
+ namespace: kube.Namespace(app.cfg.namespace),
+
+ postgres: postgres {
+ cfg+: {
+ namespace: cfg.namespace,
+ appName: "toot",
+ database: "mastodon",
+ username: "mastodon",
+ password: { secretKeyRef: { name: "mastodon", key: "postgres_password" } },
+ },
+ },
+}
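Review bot: The provisioning command in the header comment generates the database password with `pwgen 24 1`, which by default produces pronounceable passwords that carry less entropy than their length suggests. This password is the only credential configured for the `mastodon` Postgres account, so the documented command should use pwgen's secure mode: `# kubectl -n toot create secret generic mastodon --from-literal=postgres_password=$(pwgen -s 24 1)`. The comment could also say that the secret must be created once the `toot` namespace exists, since the postgres container references it through `secretKeyRef` and will not start without it.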
diff --git a/kube/postgres.libsonnet b/kube/postgres.libsonnet
new file mode 100644
index 0000000..bc087cf
--- /dev/null
+++ b/kube/postgres.libsonnet
@@ -0,0 +1,84 @@
+# PostgreSQL on Kubernetes.
+
+local kube = import "kube.libsonnet";
+
+{
+ local postgres = self,
+ local cfg = postgres.cfg,
+ cfg:: {
+ namespace: error "namespace must be set",
+ appName: error "app name must be set",
+ storageClassName: "waw-hdd-redundant-1",
+ prefix: "", # if set, should be 'foo-'
+
+ image: "postgres:10.4",
+ database: error "database must be set",
+ username: error "username must be set",
+ # not literal, instead ref for env (like { secretKeyRef: ... })
+ password: error "password must be set",
+ },
+
+ makeName(suffix):: cfg.prefix + suffix,
+
+ metadata:: {
+ namespace: cfg.namespace,
+ labels: {
+ "app.kubernetes.io/name": cfg.appName,
+ "app.kubernetes.io/managed-by": "kubecfg",
+ "app.kubernetes.io/component": "postgres",
+ },
+ },
+
+ volumeClaim: kube.PersistentVolumeClaim(postgres.makeName("postgres")) {
+ metadata+: postgres.metadata,
+ spec+: {
+ storageClassName: cfg.storageClassName,
+ accessModes: [ "ReadWriteOnce" ],
+ resources: {
+ requests: {
+ storage: "30Gi",
+ },
+ },
+ },
+ },
+ deployment: kube.Deployment(postgres.makeName("postgres")) {
+ metadata+: postgres.metadata,
+ spec+: {
+ replicas: 1,
+ template+: {
+ spec+: {
+ volumes_: {
+ data: kube.PersistentVolumeClaimVolume(postgres.volumeClaim),
+ },
+ containers_: {
+ postgres: kube.Container(postgres.makeName("postgres")) {
+ image: cfg.image,
+ ports_: {
+ client: { containerPort: 5432 },
+ },
+ env_: {
+ POSTGRES_DB: cfg.database,
+ POSTGRES_USER: cfg.username,
+ POSTGRES_PASSWORD: cfg.password,
+ PGDATA: "/var/lib/postgresql/data/pgdata",
+ },
+ volumeMounts_: {
+ data: { mountPath: "/var/lib/postgresql/data" },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ svc: kube.Service(postgres.makeName("postgres")) {
+ metadata+: postgres.metadata,
+ target_pod:: postgres.deployment.spec.template,
+ spec+: {
+ ports: [
+ { name: "client", port: 5432, targetPort: 5432, protocol: "TCP" },
+ ],
+ type: "ClusterIP",
+ },
+ },
+}
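Review bot: The `svc` Service publishes port 5432 as a ClusterIP and nothing in this library limits which pods may connect, so the account password is the only access control unless the cluster enforces a default-deny policy that is not visible here. I would document that expectation on `svc`, for example `# Reachable from any pod that can route to this ClusterIP; consumers should add a NetworkPolicy limiting ingress to their own pods.` Separately, `image: "postgres:10.4"` is a mutable tag. Pinning it by digest, as in `image: "postgres:10.4@sha256:<digest>"` (placeholder digest), would make the deployed image reproducible and auditable.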